b'                       U.S. Environmental Protection Agency                                                    09-P-0187\n                                                                                                            June 30, 2009\n                       Office of Inspector General\n\n\n                       At a Glance\n                                                                             Catalyst for Improving the Environment\n\n\nWhy We Did This Review            Results of Technical Network Vulnerability\nThe Office of Inspector\n                                  Assessment: Region 8\nGeneral contracted with\nWilliams, Adley & Company,         What Williams, Adley & Company, LLP, Found\nLLP, to conduct the annual\naudit of the U.S.                 Vulnerability testing conducted in April 2009 of EPA\xe2\x80\x99s Region 8 network\nEnvironmental Protection          identified Internet Protocol addresses with numerous high-risk vulnerabilities.\nAgency\xe2\x80\x99s (EPA\xe2\x80\x99s) compliance       If not resolved, these vulnerabilities could expose EPA\xe2\x80\x99s assets to unauthorized\nwith the Federal Information      access and potential harm to the Agency\xe2\x80\x99s network.\nSecurity Management Act\n(FISMA). Williams, Adley &         What Williams, Adley & Company, LLP, Recommends\nCompany, LLP, conducted the\nnetwork vulnerability testing     Williams, Adley & Company, LLP, recommends that the Region 8 Director of\nof the Agency\xe2\x80\x99s local area        Technical and Management Services:\nnetwork located at EPA\xe2\x80\x99s\nRegion 8 office in Denver,        \xe2\x80\xa2   Implement actions to address all high-risk vulnerability findings.\nColorado.\n                                  \xe2\x80\xa2   Update EPA\xe2\x80\x99s Automated Security Self Evaluation and Remediation\n                                      Tracking (ASSERT) system.\nBackground                        \xe2\x80\xa2   Perform a technical vulnerability assessment test of Region 8\xe2\x80\x99s network\n                                      within 30 days to demonstrate and document corrective actions that have\nThe network vulnerability             resolved the vulnerabilities.\ntesting was conducted to\nidentify any network risk         Due to the sensitive nature of the report\xe2\x80\x99s technical findings, the full report is not\nvulnerabilities and present the   available to the public.\nresults to the appropriate\nEPA officials to promptly\nremediate or document\nplanned actions to resolve the\nvulnerability.\n\n\n\nFor further information,\ncontact our Office of\nCongressional, Public Affairs\nand Management at\n(202) 566-2391.\n\x0c'